[users at bb.net] Authorize the read-only view

Pierre Tardy tardyp at gmail.com
Tue Nov 24 20:25:59 UTC 2015 

good to know, thanks for the update.


Le mar. 24 nov. 2015 à 21:14, Martin Vilcans <martin at librador.com> a écrit :

> Yes, I have checked that. But now I think I have found the problem:
> WebSockets are supported only from Nginx 1.3 (according to
> https://www.nginx.com/blog/websocket-nginx/#gs.zSbvRCE), and I'm running
> 1.2.1, which seems to be ancient (as the latest version is 1.9.7). That's
> what you get for using a LTS release of Ubuntu, I suppose. I'll check
> tomorrow. Thanks.
>
> On Tue, Nov 24, 2015 at 6:52 PM, Francesco Di Mizio <
> francescodimizio at gmail.com> wrote:
>
>> I recently happened to set up an nginx server before buildbot nine beta 5.
>>
>> My config:
>>
>> server {
>>     listen 80;
>>     location / {
>>             # try_build is the name used by --link when starting this
>> nginx container
>>             proxy_pass http://try_build:8050/;
>>         }
>>
>>     location /ws {
>>               proxy_http_version 1.1;
>>               proxy_set_header Upgrade $http_upgrade;
>>               proxy_set_header Connection "upgrade";
>>               proxy_pass http://try_build:8050/ws;
>>               # raise the proxy timeout for the websocket
>>               proxy_read_timeout 6000s;
>>         }
>> }
>>
>> Websockets work ok.
>>
>> Are you sure you've configured buildbotURL correctly? In case of mismatch
>> many things will stop working. Do you get any message about such a
>> misconfig when opening the web home?
>>
>>
>>
>> On Tue, Nov 24, 2015 at 4:33 PM, Martin Vilcans <martin at librador.com>
>> wrote:
>>
>>> OK, thanks for your answer.
>>>
>>> Yeah, I tried configuring Nginx as a reverse proxy first, but I never
>>> got it to work with websockets. Are the SSL related things in the example
>>> configuration needed? I don't exactly enjoy setting up SSL. :-)
>>>
>>> The error I get in the browser's console is that the connection seems to
>>> time out:
>>>
>>> scripts.js?_1445513624809:14 ReconnectingWebSocket onerror
>>> ws://redacted/buildbot/ws Event {isTrusted: true}
>>>
>>> scripts.js?_1445513624809:14 ReconnectingWebSocket attempt-connect
>>> ws://redacted/buildbot/ws
>>>
>>> scripts.js?_1445513624809:14 ReconnectingWebSocket connection-timeout
>>> ws://redacted/buildbot/ws
>>>
>>> scripts.js?_1445513624809:14 WebSocket connection to
>>> 'ws://redacted/buildbot/ws' failed: WebSocket is closed before the
>>> connection is established.
>>>
>>> scripts.js?_1445513624809:14 ReconnectingWebSocket onerror
>>> ws://redacted/buildbot/ws Event {isTrusted: true}
>>>
>>> scripts.js?_1445513624809:14 ReconnectingWebSocket attempt-connect
>>> ws://redacted/buildbot/ws
>>>
>>> scripts.js?_1445513624809:14 ReconnectingWebSocket connection-timeout
>>> ws://redacted/buildbot/ws
>>>
>>> scripts.js?_1445513624809:14 WebSocket connection to
>>> 'ws://redacted/buildbot/ws' failed: WebSocket is closed before the
>>> connection is established.
>>>
>>> scripts.js?_1445513624809:14 ReconnectingWebSocket onerror
>>> ws://redacted/buildbot/ws Event {isTrusted: true}
>>>
>>>
>>> Here's the Nginx config:
>>>
>>> server {
>>>
>>>     auth_basic "Speak friend and enter";
>>>
>>>     auth_basic_user_file "/etc/nginx/htpasswd";
>>>
>>>
>>>     # Make sure we don't share any Git repos just in case
>>>
>>>     location ~ /\.git {
>>>
>>>         deny all;
>>>
>>>     }
>>>
>>>
>>>     location /robots.txt {
>>>
>>>         root /usr/share/nginx/www;
>>>
>>>     }
>>>
>>>
>>>     location /artifacts/ {
>>>
>>>         root /var/buildsys/build-server/master/;
>>>
>>>         autoindex on;
>>>
>>>     }
>>>
>>>
>>>     # Based on
>>> http://docs.buildbot.net/latest/manual/cfg-www.html#reverse-proxy-configuration
>>>
>>>     location /buildbot/ {
>>>
>>>             proxy_pass http://localhost:8020/;
>>>
>>>     }
>>>
>>>     location /buildbot/sse/ {
>>>
>>>         # proxy buffering will prevent sse to work
>>>
>>>         proxy_buffering off;
>>>
>>>         proxy_pass http://localhost:8020/sse/;
>>>
>>>     }
>>>
>>>     # required for websocket
>>>
>>>     location /buildbot/ws {
>>>
>>>         proxy_http_version 1.1;
>>>
>>>         proxy_set_header Upgrade $http_upgrade;
>>>
>>>         proxy_set_header Connection "upgrade";
>>>
>>>         proxy_pass http://localhost:8020/ws;
>>>
>>>         # raise the proxy timeout for the websocket
>>>
>>>         proxy_read_timeout 6000s;
>>>
>>>     }
>>>
>>> }
>>>
>>> ~
>>>
>>>
>>> On Tue, Nov 24, 2015 at 1:01 PM, Pierre Tardy <tardyp at gmail.com> wrote:
>>>
>>>> Hi Martin,
>>>>
>>>> It is currently not possible to create this configuration. I would not
>>>> expect it to be difficult to implement.
>>>>
>>>> Also it is recommended indeed to use nginx in reverse proxy mode, but
>>>> you have to take care of properly configuring it.
>>>>
>>>> http://docs.buildbot.net/latest/manual/cfg-www.html#reverse-proxy-configuration
>>>>
>>>> Pierre
>>>>
>>>> Le lun. 23 nov. 2015 à 10:38, Martin Vilcans <martin at librador.com> a
>>>> écrit :
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm trying to add authorization to Buildbot's read-only web UI in
>>>>> 0.9.0b5.
>>>>>
>>>>> First I did this with Nginx configured as a reverse proxy, but I
>>>>> didn't get it to proxy the websockets, so I enabled authentication in the
>>>>> www configuration. But I have found no way to disallow read-only access to
>>>>> unauthenticated users. Is it possible?
>>>>>
>>>>> --
>>>>> Martin Vilcans, game, web and software developer
>>>>> E-mail <martin at librador.com> Blog <http://www.librador.com/> Twitter
>>>>> <http://www.twitter.com/vilcans> Github <https://github.com/vilcans>
>>>>> LinkedIn <https://www.linkedin.com/in/vilcans>
>>>>> Resolution Games <http://www.resolutiongames.com> Screenplain
>>>>> <http://www.screenplain.com>
>>>>> _______________________________________________
>>>>> users mailing list
>>>>> users at buildbot.net
>>>>> https://lists.buildbot.net/mailman/listinfo/users
>>>>
>>>>
>>>
>>>
>>> --
>>> Martin Vilcans, game, web and software developer
>>> E-mail <martin at librador.com> Blog <http://www.librador.com/> Twitter
>>> <http://www.twitter.com/vilcans> Github <https://github.com/vilcans>
>>> LinkedIn <https://www.linkedin.com/in/vilcans>
>>> Resolution Games <http://www.resolutiongames.com> Screenplain
>>> <http://www.screenplain.com>
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at buildbot.net
>>> https://lists.buildbot.net/mailman/listinfo/users
>>>
>>
>>
>
>
> --
> Martin Vilcans, game, web and software developer
> E-mail <martin at librador.com> Blog <http://www.librador.com/> Twitter
> <http://www.twitter.com/vilcans> Github <https://github.com/vilcans>
> LinkedIn <https://www.linkedin.com/in/vilcans>
> Resolution Games <http://www.resolutiongames.com> Screenplain
> <http://www.screenplain.com>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20151124/87617852/attachment.html>

More information about the users mailing list